hanh.tonguyen/paperclip
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #376 from dalestubblefield/fix/http-secure-cookies

Browse Source 
fix: disable secure cookies for HTTP deployments
This commit is contained in:
Dotta
2026-03-08 22:15:54 -05:00
committed by GitHub
parent c674462a02 ad55af04cc
commit 7b70713fcb
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/auth/better-auth.ts
View File

@@ -70,6 +70,9 @@ export function createBetterAuthInstance(db: Db, config: Config, trustedOrigins?
const secret = process.env.BETTER_AUTH_SECRET ?? process.env.PAPERCLIP_AGENT_JWT_SECRET ?? "paperclip-dev-secret"; const secret = process.env.BETTER_AUTH_SECRET ?? process.env.PAPERCLIP_AGENT_JWT_SECRET ?? "paperclip-dev-secret";
const effectiveTrustedOrigins = trustedOrigins ?? deriveAuthTrustedOrigins(config); const effectiveTrustedOrigins = trustedOrigins ?? deriveAuthTrustedOrigins(config);
const publicUrl = process.env.PAPERCLIP_PUBLIC_URL ?? baseUrl;
const isHttpOnly = publicUrl ? publicUrl.startsWith("http://") : false;
const authConfig = { const authConfig = {
baseURL: baseUrl, baseURL: baseUrl,
secret, secret,
@@ -88,6 +91,7 @@ export function createBetterAuthInstance(db: Db, config: Config, trustedOrigins?
requireEmailVerification: false, requireEmailVerification: false,
disableSignUp: config.authDisableSignUp, disableSignUp: config.authDisableSignUp,
}, },
...(isHttpOnly ? { advanced: { useSecureCookies: false } } : {}),
}; };
if (!baseUrl) { if (!baseUrl) {